Cyber supply chain security advice for businesses

When you think of the supply chain you think of manufacturers, wholesalers and retailers around the world, in particular their process of harvesting raw materials, refining them, shipping them and finally distributing them to the customer.In more recent times however another side to the supply chain has emerged, one which includes operations involving information and communication technologies, software distribution and operations within the cloud. This is known as the cyber supply chain and it is the backbone of the modern digital economy.

A single supplier that is temporarily shut down as a result of a cyber-attack could cause major issues for any customers that use its services as part of their supply chain, whilst an entire sector brought to its knees by a large scale cyber-attack could result in a massive supply chain disruption.

In 2014 81% of large organisations and 60% of small businesses in the UK have had security breaches, and each of those may have had customers who relied on the online services they provided as part of their cyber supply chain that were negatively affected as a result.

Cyber criminals are a major threat in today’s world and provide a large threat to cyber supply chains. “They outspend us and they outman us in almost every way,” said Dell Inc’s chief security officer John McClurg, “I don’t recall, in my adult life, a more challenging time.”

Large companies such as Google, Sony, Citibank and Bank of America all spend millions of pounds on cyber security and have all been successfully compromised by cyber criminals. In a world where even the most advanced companies cannot protect their own system’s defences, let alone their cyber supply chain, it is important to work to be resilient in case of an attack.

In addition to the threats posed to large companies, many modern cyber criminals are now targeting small to medium enterprises. Cyber criminals know that these SMEs lack the resources to identify or effectively react when they have been a victim of a cyber attack, and once an attacker gains a foothold in one company they may use this to attempt to compromise other links in the chain.

In the event of an attack the first task a cyber criminal will undertake is to carry out reconnaissance on a business by looking at its online footprint. This can reveal many pieces of information that may be useful to the attacker such as information about key members in the business, links in their supply chain, or servers that can be accessed through their website.

Once the footprinting is complete the attacker will then use the information gathered in order to conduct an array of hacking techniques and social engineering attacks. It only takes one of these to succeed for the business to be compromised, which can cost a large sum of money and significantly damage reputation and customer trust.

Cyber criminals will look for the ‘soft underbelly’ of a target’s supply chain and will work towards compromising that in order to eventually compromise the integrity of the original business. In order to avoid this type of attack it is important to be able to trust that links in your supply chain are secure.

All businesses should ensure they have the threat of cyber-attack on their risk register and should take appropriate measures to secure themselves and defend from malicious cyber criminals, and loose links in their supply chain.

For more information and to check how secure your supply chain is please email enquiries@sbrcentre.co.uk